This key length concern is highly dependent on the threat model. I believe RSA-1024 is likely safe TODAY for MOST attacks. That being said, I could not, in good conscience, suggest that anyone generate a 1024 bit key today -- the lifetime on that is probably too short, and almost any device (including most mobile devices that can handle some form of OpenPGP) should be able to handle at least 2048 bit without much trouble. Section 5.6 of NIST Publiction 800-57 (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf) is the best guidance I use for key length selection. NIST recommended that use of 1024 bit RSA-type (IFC) keys be discontinued in 2010. 2048 is recommended through 2030. I use a 4k master key (certification only) and 3k keys for encrypt and sign. Yes, this is perhaps a bit paranoid, but I have yet to run into any device where I feel the delay is unacceptable (my android phone included).
I don't believe that GPG alerts on key lengths at all, but it does have suggested lengths at key generation time. David On Mon, Mar 7, 2011 at 4:41 PM, Charly Avital <shavi...@mac.com> wrote: >> GPG Keychain Access 0.8.4 shows a red warning 'This key maybe unsafe' >> for *any* key with a length equal or inferior to 1024 bits. > [...] > >> >> Are keys whose length is equal or inferior to 1024 bits *unsafe*? >> If so, how are they unsafe? >> Where is this key length unsafe situation documented? > > I am not aware of any GnuPG command in Terminal that would display or > warn about this situation. Is there any, or should there be any? > > > [...] > > TIA. > Charly > > > > > > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
